#!/bin/bash

set -ex

# We need API key to run this test
# hence we are checking if E2E_VET_INSIGHTS_V2 is set to true
# because API key is available for Insights v2
if [ "$E2E_VET_INSIGHTS_V2" != "true" ]; then
  echo "Skipping scenario-9-malware-analysis.sh as E2E_INSIGHTS_V2 is not set to true"
  exit 0
fi

# Not a malicious package
$E2E_VET_SCAN_CMD scan --purl pkg:/npm/@clerk/nextjs@6.9.6 \
  --malware --malware-analysis-timeout 60s --fail-fast

# Not a malicious package - without version
$E2E_VET_SCAN_CMD scan --purl pkg:/npm/@clerk/nextjs \
  --malware --malware-analysis-timeout 60s --fail-fast

# Not a malicious package - latest version
$E2E_VET_SCAN_CMD scan --purl pkg:/npm/@clerk/nextjs@latest \
  --malware --malware-analysis-timeout 60s --fail-fast

# GitHub Action without version
$E2E_VET_SCAN_CMD scan --purl pkg:/github/actions/checkout \
  --malware --malware-analysis-timeout 60s --fail-fast

# GitHub Action with latest version
$E2E_VET_SCAN_CMD scan --purl pkg:/github/actions/checkout@latest \
  --malware --malware-analysis-timeout 60s --fail-fast

$E2E_INSPECT_MALWARE_CMD --purl pkg:/github/actions/setup-node
$E2E_INSPECT_MALWARE_CMD --purl pkg:/github/actions/setup-node@latest
$E2E_INSPECT_MALWARE_CMD --purl pkg:/npm/@vercel/nft
$E2E_INSPECT_MALWARE_CMD --purl pkg:/npm/@vercel/nft@latest

# This is a malicious package
$E2E_VET_SCAN_CMD scan --purl pkg:/npm/llm-oracle@1.0.2 \
  --malware --malware-analysis-timeout 60s --fail-fast --malware-trust-tool-result || exit 0

# Fail if we don't already exit on malicious package detection
exit 1
